Privacy Policy
This policy is published in Armenian, Russian and English. In case of any discrepancy between the versions, the Armenian version prevails and is legally binding.
Who we are
Light Style is an online store operating in Armenia. We are the controller responsible for the personal data described in this policy. For any privacy-related question you can reach us at the contacts below.
What data we collect
We collect only the data we need to run the online store, fulfil your orders and improve the service. The table below lists each category, why we use it and the legal basis under GDPR Article 6.
| Data | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Name, phone, email | Account creation, delivery | Performance of a contract |
| Delivery address | Order fulfilment | Performance of a contract |
| Order history | Service, support, accounting | Legal obligation |
| Date of birth | Birthday discount | Consent |
| Payment data (transaction ID, status) | Accounting | Legal obligation |
| IP address, browser, device | Security, analytics | Legitimate interest |
| Cookies, pixels | Analytics, advertising | Consent |
| Product browsing history | Personalisation | Consent |
| Search queries | Search improvement | Legitimate interest |
Payment data
We never store your card numbers. All card payments are processed directly by IDBank and IDram. On our side we keep only the transaction ID, its status and the amount, which is enough for accounting and support, but never the card details themselves.
Profiling
We use automated processing to recommend products and personalise your experience based on your browsing and order history. This profiling does not produce legal effects for you. You have the right to object to it at any time.
Who we share data with
We never sell your personal data. We share it only with the partners that help us run the service, and only to the extent necessary.
| Recipient | Purpose | Country |
|---|---|---|
| Courier services | Order delivery | Armenia |
| IDBank | Payment processing | Armenia |
| IDram | Payment processing | Armenia |
| Accountant / auditor | Financial accounting | Armenia |
| RA State Revenue Committee (SRC) | Legal obligation | Armenia |
| Courts / law enforcement | On official request | Armenia |
| Hetzner GmbH | Server hosting | Germany (EU) |
| SMS provider (OTP) | Phone verification | - |
| Google LLC | Analytics, advertising | USA |
| Meta Platforms | Advertising pixel | USA |
| TikTok / ByteDance | Advertising pixel | China |
International data transfers
Our servers are located in Finland (EU, Hetzner). Transfers of data to the USA (Google, Meta) are carried out on the basis of the EU Standard Contractual Clauses (SCC). For TikTok, data may be processed in China, which has no EU adequacy decision; we ask for your explicit consent before enabling such tracking.
Data retention periods
| Data type | Retention period |
|---|---|
| Account (name, phone, email) | Until deletion + 30 days |
| Date of birth | Until account deletion |
| Orders, payments, financial documents | 5 years (RA accounting law) |
| Analytics (GA4) | 26 months |
| Server logs | 90 days |
| Marketing consent record | 3 years after withdrawal |
| Backups | 30 days after account deletion |
Children
The service is intended for persons aged 18 and over. Products for children are purchased by their parents or guardians. We do not knowingly collect data about children.
Marketing communications
We send email and SMS marketing only with your consent. You can unsubscribe at any time via the link in the message or in your account settings. Transactional notifications (order status, OTP) are part of the service and cannot be turned off.
Loyalty and referral programme
Data about your loyalty points and referral links is processed as part of providing these programmes: to credit points, track referrals and prevent abuse.
Reviews
Reviews are public. When you delete your account, the author name is replaced with «Buyer» while the text of the review is kept, so other customers can still rely on it.
Gift cards
When you send a gift card to a recipient, we process their email solely to deliver the card and for no other purpose.
Mobile application
This policy also applies to the Light Style mobile application for iOS and Android, including any data the app collects on your device.
Security measures
- HTTPS/TLS encryption for all data in transit
- Password hashing, we never store passwords in plain text
- Restricted employee access on a need-to-know basis
- Continuous security monitoring
Data breach
If we detect a personal data breach, we commit to notifying the affected users within 72 hours, together with the supervisory authority where required by law.
Your rights
Under GDPR and Armenian law you have the following rights regarding your personal data:
- Right of access, obtain a copy of your data
- Right to rectification
- Right to erasure (the «right to be forgotten»)
- Right to data portability, download your data
- Right to restriction of processing
- Right to object (including to profiling)
- Right to withdraw consent
You can exercise most of these rights yourself: use the «Delete account» and «Download my data» buttons in your account settings, or email us at support@ls.am. We respond within 30 days (up to 90 days for complex requests).
Go to account settingsSupervisory authority
You have the right to lodge a complaint with the Personal Data Protection Agency of the Republic of Armenia (ՀՀ Անձնական տվյալների պաշտպանության գործակալություն).
Changes to this policy
We notify you by email at least 30 days before any material change takes effect, and with a banner on the site. The version history is available below on this page.
Governing law
This Policy is governed by the laws of the Republic of Armenia, taking into account the requirements of the EU GDPR. In case of any discrepancy between language versions, the Armenian version prevails.
Version history
- v1.0June 1, 2026First publication.